<?php
/**
 * @file
 * This file is where users view the pending requests
 */

require_once("security.php");

if (isset($_GET['q']))
{
	if ($_GET['q'] == 'paid')
  {
  	$vloss1=urldecode($_REQUEST['c']);
    $vloss=stripslashes($vloss1);
    $query = "update losses set status=3 where status=2 and losses.victim='".addslashes($vloss)."';";
    mysql_query($query, $conn);
    header("location:admin.php");
  }
  else if($_GET['q'] == 'deny')
  {
  	$vloss1=urldecode($_REQUEST['c']);
    $vloss=stripslashes($vloss1);
    $query = "update losses set status=4 where killId='".addslashes($vloss)."';";
    mysql_query($query, $conn);
    header("location:admin.php");  	
  }
}

require("header.php");
require("admin_header.php");

?>



<?php
$res = mysql_query("select a.ship, b.value from (select ship from losses where status = 2 group by ship) as a left join shipValues as b on a.ship = b.ship where value is null and a.ship != 'Capsule';", $conn);
if (mysql_num_rows($res) != 0)
	{
?>
<table width=80%>
<tr><td><Font color=red>Note: Some ships have been submitted for reimbursment but do not have a value configured.
Ships without a value will not appear on the review interface.</Font>
</table>
<br><br>
<?php
	}
$res = mysql_query("select losses.ship as ship,
													 losses.cloneGrade,
													 losses.victim,
													 losses.killId,
													 losses.system,
													 shipValues.value,
													 players.charname,
													 players.charid from losses,
													 shipValues,
													 players
										 WHERE losses.victim = players.charname
										   AND if( losses.ship = 'Capsule', losses.cloneGrade, losses.ship ) = shipValues.ship
										   AND STATUS =2
								  ORDER BY victim;", $conn);
if (!$res)
	die("Problem with mysql: ".$message);

if (mysql_num_rows($res) == 0)
	{ ?>
<table width=80%>
<tr><td>There are no losses currently submitted for reimbursement
</table>
<?php
	exit;
	}
?>

<table width=80%>
<tr><td>Time to pay up:
</table>
<?

echo("<br><br><table width=80% border=1 cellspacing=0>");
echo("<tr><th>Pilot<th>Losses<th>Payout<th>Paid");
$pilot = "zzzzFirst";
while($row = mysql_fetch_assoc($res))
	{
	if ($row['victim'] != $pilot)
		{
		if ($pilot != "zzzzFirst")
			{
			echo("<TD align=right>".number_format($payout));
			echo("<TD align=center><br><a href=admin.php?q=paid&c=".urlencode($pilot).">Paid</a>");
			}

		$payout = $row['value'];
		$pilot = $row['victim'];
		echo("<TR>");
		echo("<TD><a href='' onclick='CCPEVE.showInfo(1377, ".$row['charid'].")'/> ".$row['victim'])."</a>";
		echo("<TD><A href=".$killboardUrl."//?a=kill_detail&kll_id=".$row['killId'].">".$row['ship']." (".$row['system'].")</a> ");
		echo("(<a href='admin.php?q=deny&c=".$row['killId']."'>x</a>),");
		}
		else
		{
		$payout += $row['value'];

		echo("<A href=".$killboardUrl."//?a=kill_detail&kll_id=".$row['killId'].">".$row['ship']." (".$row['system'].")");
		if ($row['ship'] == "Capsule")
			echo(" (".$row['cloneGrade'].")");
		echo("</a>, ");
		echo("(<a href='admin.php?q=deny&c=".$row['killId']."'>x</a>),");
		}
	}

echo("<TD align=right>".number_format($payout));
echo("<TD align=center><br><a href=admin.php?q=paid&c=".urlencode($pilot).">Paid</a>");

echo("</table>");

?>
